
CVE-2020-11585
https://notcve.org/view.php?id=CVE-2020-11585
06 Apr 2020 — There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. • https://neff.blog/2020/04/04/dotnetnuke-9-5-file-path-information-disclosure • CWE-330: Use of Insufficiently Random Values • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2020-5186 – DotNetNuke CMS 9.5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-5186
24 Feb 2020 — DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). Cross site scripting attacks can be launched against DotNetNuke CMS version 9.5.0 by uploading a malicious XML file. • https://packetstorm.news/files/id/156483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-5187 – DotNetNuke CMS 9.4.4 Zip Directory Traversal
https://notcve.org/view.php?id=CVE-2020-5187
24 Feb 2020 — DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). DotNetNuke CMS version 9.4.4 suffers from a zip split issue where a directory traversal attack can be performed to overwrite files or execute malicious code. • https://packetstorm.news/files/id/156489 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-5188 – DotNetNuke CMS 9.5.0 File Extension Check Bypass
https://notcve.org/view.php?id=CVE-2020-5188
24 Feb 2020 — DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. DotNetNuke CMS version 9.5.0 suffers from a file extension check bypass vulnerability that allows for arbitrary file upload. • https://packetstorm.news/files/id/156484 • CWE-434: Unrestricted Upload of File with Dangerous Type • CWE-669: Incorrect Resource Transfer Between Spheres

CVE-2019-12562 – DotNetNuke < 9.4.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12562
26 Sep 2019 — Stored Cross-Site Scripting in DotNetNuke (DNN) versions before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perform any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. A cross-site scripting (XSS) vulnerability is possible in DNN (formerly... • https://packetstorm.news/files/id/154673 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-18326 – DotNetNuke - Cookie Deserialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-18326
03 Jul 2019 — DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812. • https://packetstorm.news/files/id/157080 • CWE-331: Insufficient Entropy

CVE-2018-18325 – DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability
https://notcve.org/view.php?id=CVE-2018-18325
03 Jul 2019 — DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a we... • https://packetstorm.news/files/id/157080 • CWE-326: Inadequate Encryption Strength

CVE-2018-15812 – DotNetNuke - Cookie Deserialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-15812
03 Jul 2019 — DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. • https://packetstorm.news/files/id/157080 • CWE-331: Insufficient Entropy

CVE-2018-15811 – DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability
https://notcve.org/view.php?id=CVE-2018-15811
03 Jul 2019 — DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. • https://packetstorm.news/files/id/157080 • CWE-326: Inadequate Encryption Strength

CVE-2018-14486 – DNN 9.1 XML Related Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-14486
23 Jan 2019 — DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. DNN version 9.1 suffers from a cross site scripting issue that can be achieved via an XML vulnerability. • https://packetstorm.news/files/id/151304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')